91.0.3 S/MIME can not be decrypted
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: mark, Unassigned)
References
Details
Attachments
(1 file)
73.42 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.84
Steps to reproduce:
After Update from 78.13.0 to 91.0.3 S/MIME emails can not longer be decryted when received or sent.
I can send a email and encrypt it, but I am not able to read the send mail (even send to myself)
tested 2 different Mail clients: Outlook (Windows) and Nine (Android) can decrypt the sent and received message, encrypted by TB 91.0.3
Actual results:
encrypted mail can not be decryptet
Expected results:
should be decrypted
Reporter | ||
Updated•3 years ago
|
Reporter | ||
Updated•3 years ago
|
Comment 1•3 years ago
|
||
Thanks for reporting. Can you test with a fresh profile, import your SMIME certs/keys, setup your mail accounts, see if the sent mails can be decrypted?
Comment 2•3 years ago
|
||
See bug 1726442.
Does setting security.osclientcerts.autoload false help?
Reporter | ||
Comment 3•3 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #2)
See bug 1726442.
Does setting security.osclientcerts.autoload false help?
Perfect! That did the trick. Thanks a lot.
Reporter | ||
Comment 4•3 years ago
|
||
(In reply to Ping Chen (:rnons) from comment #1)
Thanks for reporting. Can you test with a fresh profile, import your SMIME certs/keys, setup your mail accounts, see if the sent mails can be decrypted?
From a fresh new client, I can not even sign a message. Importing the Chain and certificate works fine. It shows up in configuration, but does not work. -> "Signature can not be found or certificate expired"
S/MIME is completely broken, even on 91.1.0 (64-bit) Windows.
Tested with some text in body between TB 78 (latest) <> 91.1.0
Email encrypted by 78 is not readable by 91.1.0.
This is serious!
Ok, not serious, disabling AddOns helped so it is probably related to that?
I currently have these AddOns installed:
https://abload.de/img/capture6vk6d.png
After re-enabling the AddOns decryption still works...
Reporter | ||
Comment 7•3 years ago
|
||
(In reply to u690967 from comment #6)
After re-enabling the AddOns decryption still works...
No AddOns at all at my site. I need to disable the Microsoft certificate store, which is really bad, because other certificates are now missing. Providing and managing 2 separate certificate stores (one für TB one for MS) is unsatisfying.
Comment 8•3 years ago
|
||
Yes OS certificate store can't be used for S/MIME, but that should be no different from what it was in 78.
Comment 9•3 years ago
|
||
-> WFM.
Reporter | ||
Comment 10•3 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #9)
-> WFM.
Lucky you are ... but it doesn´t work for me. 78.* was functional, 91.* only with the mozilla certificates store.
-> security.osclientcerts.autoload = false
With the MS certificate store, mails can by encrypted, but after sending, not be decrypted if security.osclientcerts.autoload = true
doublechecked now in every update since the first 91.*
It is still a bug.
Comment 11•3 years ago
•
|
||
78 had security.osclientcerts.autoload false.
Also in 91, it must be false like you said. You can't use security.osclientcerts.autoload true with S/MIME.
Description
•